ID | Summary | Flags | Max Score |
---|---|---|---|
CVE-2020-15000 | A PIN management problem was discovered on Yubico YubiKey 5 devices 5.2.0 to 5.2.6. OpenPGP has thre... | M | |
CVE-2020-15001 | An information leak was discovered on Yubico YubiKey 5 NFC devices 5.0.0 to 5.2.6 and 5.3.0 to 5.3.1... | E M | |
CVE-2020-15002 | OX App Suite through 7.10.3 allows SSRF via the /ajax/messaging/message message API.... | E | |
CVE-2020-15003 | OX App Suite through 7.10.3 allows Information Exposure because a user can obtain the IP address and... | E | |
CVE-2020-15004 | OX App Suite through 7.10.3 allows stats/diagnostic?param= XSS.... | E | |
CVE-2020-15005 | In MediaWiki before 1.31.8, 1.32.x and 1.33.x before 1.33.4, and 1.34.x before 1.34.2, private wikis... | S | |
CVE-2020-15006 | Bludit 3.12.0 allows stored XSS via JavaScript code in an SVG document to bl-kernel/ajax/logo-upload... | E | |
CVE-2020-15007 | A buffer overflow in the M_LoadDefaults function in m_misc.c in id Tech 1 (aka Doom engine) allows a... | S | |
CVE-2020-15008 | A SQLi exists in the probe code of all Connectwise Automate versions before 2020.7 or 2019.12. A SQL... | | |
CVE-2020-15009 | AsusScreenXpertServicec.exe and ScreenXpertUpgradeServiceManager.exe in ScreenPad2_Upgrade_Tool.msi ... | | |
CVE-2020-15011 | GNU Mailman before 2.1.33 allows arbitrary content injection via the Cgi/private.py private archive ... | S | |
CVE-2020-15012 | A Directory Traversal issue was discovered in Sonatype Nexus Repository Manager 2.x before 2.14.19. ... | S | |
CVE-2020-15014 | pramodmahato BlogCMS through 2019-12-31 has admin/changepass.php CSRF.... | E | |
CVE-2020-15015 | The FileExplorer component in GleamTech FileUltimate 6.1.5.0 allows XSS via an SVG document.... | E | |
CVE-2020-15016 | NeDi 1.9C is vulnerable to reflected cross-site scripting. The Other-Converter.php file improperly v... | | |
CVE-2020-15017 | NeDi 1.9C is vulnerable to reflected cross-site scripting. The Devices-Config.php file improperly va... | | |
CVE-2020-15018 | playSMS through 1.4.3 is vulnerable to session fixation.... | E | |
CVE-2020-15020 | An issue was discovered in the Elementor plugin through 2.9.13 for WordPress. An authenticated attac... | | |
CVE-2020-15023 | Askey AP5100W devices through AP5100W_Dual_SIG_1.01.097 are affected by WPS PIN offline brute-force ... | E | |
CVE-2020-15024 | An issue was discovered in the Login Password feature of the Password Manager component in Avast Ant... | | |
CVE-2020-15025 | ntpd in ntp 4.2.8 before 4.2.8p15 and 4.3.x before 4.3.101 allows remote attackers to cause a denial... | S | |
CVE-2020-15026 | Bludit 3.12.0 allows admins to use a /plugin-backup-download?file=../ directory traversal approach f... | E S | |
CVE-2020-15027 | ConnectWise Automate through 2020.x has insufficient validation on certain authentication paths, all... | | |
CVE-2020-15028 | NeDi 1.9C is vulnerable to a cross-site scripting (XSS) attack. The application allows an attacker t... | | |
CVE-2020-15029 | NeDi 1.9C is vulnerable to cross-site scripting (XSS) attack. The application allows an attacker to ... | | |
CVE-2020-15030 | NeDi 1.9C is vulnerable to cross-site scripting (XSS) attack. The application allows an attacker to ... | | |
CVE-2020-15031 | NeDi 1.9C is vulnerable to cross-site scripting (XSS) attack. The application allows an attacker to ... | | |
CVE-2020-15032 | NeDi 1.9C is vulnerable to cross-site scripting (XSS) attack. The application allows an attacker to ... | | |
CVE-2020-15033 | NeDi 1.9C is vulnerable to cross-site scripting (XSS) attack. The application allows an attacker to ... | | |
CVE-2020-15034 | NeDi 1.9C is vulnerable to cross-site scripting (XSS) attack. The application allows an attacker to ... | | |
CVE-2020-15035 | NeDi 1.9C is vulnerable to cross-site scripting (XSS) attack. The application allows an attacker to ... | S | |
CVE-2020-15036 | NeDi 1.9C is vulnerable to cross-site scripting (XSS) attack. The application allows an attacker to ... | E S | |
CVE-2020-15037 | NeDi 1.9C is vulnerable to cross-site scripting (XSS) attack. The application allows an attacker to ... | E S | |
CVE-2020-15038 | The SeedProd coming-soon plugin before 5.1.1 for WordPress allows XSS.... | E | |
CVE-2020-15041 | PHP-Fusion 9.03.60 allows XSS via the administration/site_links.php Add Site Link field.... | E | |
CVE-2020-15043 | iBall WRB303N devices allow CSRF attacks, as demonstrated by enabling remote management, enabling DH... | E | |
CVE-2020-15046 | The web interface on Supermicro X10DRH-iT motherboards with BIOS 2.0a and IPMI firmware 03.40 allows... | E | |
CVE-2020-15047 | MSA/SMTP.cpp in Trojita before 0.8 ignores certificate-verification errors, which allows man-in-the-... | S | |
CVE-2020-15049 | An issue was discovered in http/ContentLengthInterpreter.cc in Squid before 4.12 and 5.x before 5.0.... | S | |
CVE-2020-15050 | An issue was discovered in the Video Extension in Suprema BioStar 2 before 2.8.2. Remote attackers c... | E | |
CVE-2020-15051 | An issue was discovered in Artica Proxy before 4.30.000000. Stored XSS exists via the Server Domain ... | E | |
CVE-2020-15052 | An issue was discovered in Artica Proxy CE before 4.28.030.418. SQL Injection exists via the Netmask... | E | |
CVE-2020-15053 | An issue was discovered in Artica Proxy CE before 4.28.030.418. Reflected XSS exists via these searc... | E | |
CVE-2020-15054 | TP-Link USB Network Server TL-PS310U devices before 2.079.000.t0210 allow an attacker on the same ne... | | |
CVE-2020-15055 | TP-Link USB Network Server TL-PS310U devices before 2.079.000.t0210 allow an attacker on the same ne... | | |
CVE-2020-15056 | TP-Link USB Network Server TL-PS310U devices before 2.079.000.t0210 allow an attacker on the same ne... | | |
CVE-2020-15057 | TP-Link USB Network Server TL-PS310U devices before 2.079.000.t0210 allow an attacker on the same ne... | | |
CVE-2020-15058 | Lindy 42633 4-Port USB 2.0 Gigabit Network Server 2.078.000 devices allow an attacker on the same ne... | | |
CVE-2020-15059 | Lindy 42633 4-Port USB 2.0 Gigabit Network Server 2.078.000 devices allow an attacker on the same ne... | | |
CVE-2020-15060 | Lindy 42633 4-Port USB 2.0 Gigabit Network Server 2.078.000 devices allow an attacker on the same ne... | | |
CVE-2020-15061 | Lindy 42633 4-Port USB 2.0 Gigabit Network Server 2.078.000 devices allow an attacker on the same ne... | | |
CVE-2020-15062 | DIGITUS DA-70254 4-Port Gigabit Network Hub 2.073.000.E0008 devices allow an attacker on the same ne... | | |
CVE-2020-15063 | DIGITUS DA-70254 4-Port Gigabit Network Hub 2.073.000.E0008 devices allow an attacker on the same ne... | | |
CVE-2020-15064 | DIGITUS DA-70254 4-Port Gigabit Network Hub 2.073.000.E0008 devices allow an attacker on the same ne... | | |
CVE-2020-15065 | DIGITUS DA-70254 4-Port Gigabit Network Hub 2.073.000.E0008 devices allow an attacker on the same ne... | | |
CVE-2020-15069 | Sophos XG Firewall 17.x through v17.5 MR12 allows a Buffer Overflow and remote code execution via th... | KEV M | |
CVE-2020-15070 | Zulip Server 2.x before 2.1.7 allows eval injection if a privileged attacker were able to write dire... | | |
CVE-2020-15071 | content/content.blueprintsevents.php in Symphony CMS 3.0.0 allows XSS via fields['name'] to appendSu... | E | |
CVE-2020-15072 | An issue was discovered in phpList through 3.5.4. An error-based SQL Injection vulnerability exists ... | E | |
CVE-2020-15073 | An issue was discovered in phpList through 3.5.4. An XSS vulnerability occurs within the Import Admi... | E | |
CVE-2020-15074 | OpenVPN Access Server older than version 2.8.4 and version 2.9.5 generates new user authentication t... | | |
CVE-2020-15075 | OpenVPN Connect installer for macOS version 3.2.6 and older may corrupt system critical files it sho... | | |
CVE-2020-15076 | Private Tunnel installer for macOS version 3.0.1 and older versions may corrupt system critical file... | | |
CVE-2020-15077 | OpenVPN Access Server 2.8.7 and earlier versions allow remote attackers to bypass authentication ... | | |
CVE-2020-15078 | OpenVPN 2.5.1 and earlier versions allow remote attackers to bypass authentication and access con... | S | |
CVE-2020-15079 | Improper access control in PrestaShop | S | |
CVE-2020-15080 | Information disclosure in release archive in PrestaShop | S | |
CVE-2020-15081 | Information exposure in the upload directory in PrestaShop | S | |
CVE-2020-15082 | External control of configuration setting in the dashboard in PrestaShop | S | |
CVE-2020-15083 | Reflected XSS when uploading an image in the Product page in PrestaShop | S | |
CVE-2020-15084 | Authorization bypass in express-jwt | S | |
CVE-2020-15085 | Client caching login operation with plaintext password in Saleor Storefront | S | |
CVE-2020-15086 | Potential Remote Code Execution in TYPO3 with mediace extension | E S | |
CVE-2020-15087 | Privilege escalation in Presto | | |
CVE-2020-15091 | Denial of Service in TenderMint | E S | |
CVE-2020-15092 | Stored XSS in TimelineJS3 | S | |
CVE-2020-15093 | Improper verification of signature threshold in tough | S | |
CVE-2020-15094 | RCE in Symfony | S | |
CVE-2020-15095 | Sensitive information exposure through logs in npm cli | S | |
CVE-2020-15096 | Context isolation bypass via Promise in Electron | | |
CVE-2020-15097 | Path Traversal in loklak | S | |
CVE-2020-15098 | Missing Required Cryptographic Step Leading to Sensitive Information Disclosure in TYPO3 CMS | | |
CVE-2020-15099 | Exposure of Sensitive Information to an Unauthorized Actor in TYPO3 CMS | | |
CVE-2020-15100 | Uncontrolled Resource Consumption in freewvs | S | |
CVE-2020-15101 | Nested directory structure can lead to Uncontrolled Resource Consumption in freewvs | S | |
CVE-2020-15102 | Improper access control on dashboard form in PrestaShop | S | |
CVE-2020-15103 | Integer Overflow in FreeRDP | S | |
CVE-2020-15104 | TLS Validation Vulnerability in Envoy | | |
CVE-2020-15105 | In Django Two-Factor Authentication, user passwords are stored in clear text in the Django session | S | |
CVE-2020-15106 | Improper Input Validation in etcd | | |
CVE-2020-15107 | x87 FPU operations in enclaves are vulnerable to ABI poisoning in openenclave | | |
CVE-2020-15108 | SQL Injection in glpi | S | |
CVE-2020-15109 | Ability to change order address without triggering address validations in solidus | E S | |
CVE-2020-15110 | Possible pod name collisions in jupyterhub-kubespawner | E S | |
CVE-2020-15111 | CRLF vulnerability in Fiber | S | |
CVE-2020-15112 | Improper Input Validation in etcd | | |
CVE-2020-15113 | Improper Preservation of Permissions in etcd | | |
CVE-2020-15114 | Denial of Service in etcd | | |
CVE-2020-15115 | No minimum password length in etcd | | |
CVE-2020-15117 | Denial of Service in Synergy | S | |
CVE-2020-15118 | Cross-Site Scripting in Wagtail | S | |
CVE-2020-15119 | DOM-based XSS in auth0-lock | | |
CVE-2020-15120 | Authorization Bypass in I hate money | S | |
CVE-2020-15121 | Command injection in Radare2 | S | |
CVE-2020-15123 | Command injection in codecov (npm package) | E S | |
CVE-2020-15124 | Path traversal in Goobi viewer Core | S | |
CVE-2020-15125 | Authorization header is not sanitized in an error object in auth0 | S | |
CVE-2020-15126 | Information disclosure through Viewer query in parse-server | S | |
CVE-2020-15127 | Denial of service in Contour | S | |
CVE-2020-15128 | Reliance on Cookies without validation in OctoberCMS | S | |
CVE-2020-15129 | Open redirect in Traefik | S | |
CVE-2020-15130 | False-positive validity for NFT1 genesis transactions in SLPJS | S | |
CVE-2020-15131 | False-positive validity for NFT1 genesis transactions in SLP Validate | S | |
CVE-2020-15132 | Reset Password / Login vulnerability in Sulu | E | |
CVE-2020-15133 | Missing TLS certificate verification in Faye Websocket | E | |
CVE-2020-15134 | Missing TLS certificate verification in Faye | E | |
CVE-2020-15135 | CSRF vulnerability in save-server | E | |
CVE-2020-15136 | Improper authentication in etcd | | |
CVE-2020-15137 | Integer overflow in HoRNDIS | | |
CVE-2020-15138 | Cross-Site Scripting in Prism | S | |
CVE-2020-15139 | XSS in MyBB | S | |
CVE-2020-15140 | Remote Code Execution in Red Discord Bot | S | |
CVE-2020-15141 | Path Traversal in openapi-python-client | S | |
CVE-2020-15142 | Arbitrary Code Generation | S | |
CVE-2020-15143 | Remote Code Execution in SyliusResourceBundle | E M | |
CVE-2020-15145 | Local privilege elevation in Composer-Setup for Windows | S | |
CVE-2020-15146 | Remote Code Execution in SyliusResourceBundle | E M | |
CVE-2020-15147 | Remote Code Execution in Red Discord Bot | S | |
CVE-2020-15148 | Unsafe deserialization in Yii 2 | S | |
CVE-2020-15149 | Account takeover in NodeBB | S | |
CVE-2020-15150 | Remote Code Execution in paginator(hex) | S | |
CVE-2020-15151 | Observable Timing Discrepancy in OpenMage LTS | S | |
CVE-2020-15152 | Server-Side Request Forgery in ftp-srv | S | |
CVE-2020-15153 | Unauthenticated SQL injection in Ampache | E S | |
CVE-2020-15154 | Cross Site Scripting in baserCMS | S | |
CVE-2020-15155 | Cross-Site Scripting in baserCMS | S | |
CVE-2020-15156 | XSS due to lack of CSRF validation for replying/publishing | S | |
CVE-2020-15157 | containerd can be coerced into leaking credentials during image pull | | |
CVE-2020-15158 | Heap buffer overflow in libIEC61850 | S | |
CVE-2020-15159 | Cross Site Scripting leading to RCE in baserCMS | S | |
CVE-2020-15160 | Blind SQL Injection in PrestaShop | S | |
CVE-2020-15161 | Potential XSS in PrestaShop | S | |
CVE-2020-15162 | Stored XSS in PrestaShop | E S | |
CVE-2020-15163 | Invalid root may become trusted root in The Update Framework (TUF) | S | |
CVE-2020-15164 | Authentication Bypass in Scratch Login (mediawiki-scratch-login) | S | |
CVE-2020-15165 | Potentially tampered sources on Play Store for Chameleon Mini Live Debugger | E | |
CVE-2020-15166 | Denial of Service in ZeroMQ | S | |
CVE-2020-15167 | Arbitrary code execution via configuration file in Miller | E | |
CVE-2020-15168 | File size limit bypass in node-fetch | | |
CVE-2020-15169 | XSS in Action View | S | |
CVE-2020-15170 | Missing access control in apollo-adminservice | S | |
CVE-2020-15171 | Users with SCRIPT rights can execute arbitrary code in XWiki | | |
CVE-2020-15172 | Remote Code Execution in Act module | S | |
CVE-2020-15173 | Heap buffer overflow in ACCEL-PPP | S | |
CVE-2020-15174 | Unpreventable top-level navigation in Electron | S | |
CVE-2020-15175 | Unauthenticated File Deletion in GLPI | S | |
CVE-2020-15176 | SQL injection in GLPI | S | |
CVE-2020-15177 | Unauthenticated Stored XSS in GLPI | S | |
CVE-2020-15178 | Potential XSS in PrestaShop contactform | S | |
CVE-2020-15179 | HTML Injection in ScratchSig | S | |
CVE-2020-15180 | A flaw was found in the mysql-wsrep component of mariadb. Lack of input sanitization in `wsrep_sst_m... | S | |
CVE-2020-15181 | Admin account takeover in Alfresco Reset Password | S | |
CVE-2020-15182 | Cross-site Request Forgery leading to RCE in SOY CMS | E S | |
CVE-2020-15183 | Reflected XSS leading to RCE in SoyCMS | E S | |
CVE-2020-15184 | Aliases are never checked in Helm | S | |
CVE-2020-15185 | Duplicated chart entries in Helm | S | |
CVE-2020-15186 | Improper sanitization of plugin names in Helm | S | |
CVE-2020-15187 | Duplicate plugin entries in Helm | S | |
CVE-2020-15188 | Unauthenticated Remote Code Execution in SOY CMS | E S | |
CVE-2020-15189 | Remote Code Execution in SOY CMS | E S | |
CVE-2020-15190 | Segfault in Tensorflow | E S | |
CVE-2020-15191 | Undefined behavior in Tensorflow | E S | |
CVE-2020-15192 | Memory leak in Tensorflow | E S | |
CVE-2020-15193 | Memory corruption in Tensorflow | E S | |
CVE-2020-15194 | Denial of Service in Tensorflow | E S | |
CVE-2020-15195 | Heap buffer overflow in Tensorflow | E S | |
CVE-2020-15196 | Heap buffer overflow in Tensorflow | E S | |
CVE-2020-15197 | Denial of Service in Tensorflow | E S | |
CVE-2020-15198 | Heap buffer overflow in Tensorflow | E S | |
CVE-2020-15199 | Denial of Service in Tensorflow | E S | |
CVE-2020-15200 | Segfault in Tensorflow | E S | |
CVE-2020-15201 | Heap buffer overflow in Tensorflow | E S | |
CVE-2020-15202 | Integer truncation in Shard API usage | E S | |
CVE-2020-15203 | Denial of Service in Tensorflow | E S | |
CVE-2020-15204 | Segfault in Tensorflow | E S | |
CVE-2020-15205 | Data leak in Tensorflow | E S | |
CVE-2020-15206 | Denial of Service in Tensorflow | E S | |
CVE-2020-15207 | Segfault and data corruption in tensorflow-lite | E S | |
CVE-2020-15208 | Data corruption in tensorflow-lite | E S | |
CVE-2020-15209 | Null pointer dereference in tensorflow-lite | E S | |
CVE-2020-15210 | Segmentation fault in tensorflow-lite | E S | |
CVE-2020-15211 | Out of bounds access in tensorflow-lite | E S | |
CVE-2020-15212 | Out of bounds access in tensorflow-lite | E S | |
CVE-2020-15213 | Denial of service in tensorflow-lite | E S | |
CVE-2020-15214 | Out of bounds write in tensorflow-lite | E S | |
CVE-2020-15215 | Context isolation bypass in Electron | | |
CVE-2020-15216 | Signature Validation Bypass in goxmldsig | S | |
CVE-2020-15217 | User data exposure in GLPI | S | |
CVE-2020-15218 | Admin pages are cached and can be embedded | | |
CVE-2020-15219 | SQL query displayed on portal error | | |
CVE-2020-15220 | Session fixation | | |
CVE-2020-15221 | XSS in the breadcrumbs | | |
CVE-2020-15222 | Replay of private_key_jwt possible in ORY Fosite | E S | |
CVE-2020-15223 | Ignored storage errors on token revocation in ORY Fosite | S | |
CVE-2020-15224 | Socket syscalls can leak enclave memory contents in Open Enclave | S | |
CVE-2020-15225 | Denial of Service vulnerability in django-filter | S | |
CVE-2020-15226 | SQL Injection in GLPI Search API | E S | |
CVE-2020-15227 | Remote Code Execution vulnerability | | |
CVE-2020-15228 | Environment Variable Injection in GitHub Actions | E | |
CVE-2020-15229 | Path traversal and files overwrite with unsquashfs | S | |
CVE-2020-15230 | Arbitrary file read in Vapor | S | |
CVE-2020-15231 | Cross-site scripting attack in mapfish-print | S | |
CVE-2020-15232 | XML External Entity attack in mapfish-print | S | |
CVE-2020-15233 | OAuth2 Redirect URL validity does not respect query parameters and character casing for loopback addresses | S | |
CVE-2020-15234 | Redirect URL matching ignores character casing | S | |
CVE-2020-15235 | Sensitive data exposure in RACTF | S | |
CVE-2020-15236 | Directory Traversal in Wiki.js | S | |
CVE-2020-15237 | Timing attack in Shrine | S | |
CVE-2020-15238 | Local privilege escalation Blueman | E | |
CVE-2020-15239 | Directory Traversal in xmpp-http-upload | S | |
CVE-2020-15240 | Regression in JWT Signature Validation | S | |
CVE-2020-15241 | Cross-Site Scripting in TYPO3 Fluid Engine | E S | |
CVE-2020-15242 | Open Redirect in Next.js | S | |
CVE-2020-15243 | WebApi Authentication attribute missing in Smartstore | | |
CVE-2020-15244 | RCE in Magento | S | |
CVE-2020-15245 | Email verification bypass in Sylius | S | |
CVE-2020-15246 | Local File Inclusion by unauthenticated users | S | |
CVE-2020-15247 | Twig Sandbox Escape by authenticated users with access to editing CMS templates when safemode is enabled. | S | |
CVE-2020-15248 | Privilege escalation by backend users assigned to the default "Publisher" system role | S | |
CVE-2020-15249 | Stored XSS by authenticated backend user with access to upload files | S | |
CVE-2020-15250 | Information disclosure in JUnit4 | E S | |
CVE-2020-15251 | Privilege Escalation in Channelmgnt plug-in for Sopel | S | |
CVE-2020-15252 | RCE in XWiki | E | |
CVE-2020-15253 | Stored XSS in Grocy | E S | |
CVE-2020-15254 | Undefined Behavior in bounded Crossbeam channel | E S | |
CVE-2020-15255 | CSV injection in Anuko Time Tracker | E S | |
CVE-2020-15256 | Prototype pollution in object-path | S | |
CVE-2020-15257 | containerd-shim API Exposed to Host Network Containers | S | |
CVE-2020-15258 | Insecure use of shell.openExternal in Wire | E S | |
CVE-2020-15259 | CSRF in Auth0 ad-ldap-connector | S | |
CVE-2020-15260 | Existing TLS connections can be reused without checking remote hostname | S | |
CVE-2020-15261 | Unquoted service path vulnerability on Veyon | E S | |
CVE-2020-15262 | Invalid integrity hashes in webpack-subresource-integrity | S | |
CVE-2020-15263 | XSS in platform | S | |
CVE-2020-15264 | Privilege Escalation in Boxstarter | S | |
CVE-2020-15265 | Segfault in Tensorflow | E S | |
CVE-2020-15266 | Undefined behavior in Tensorflow | E S | |
CVE-2020-15269 | Expired token reuse in Spree | S | |
CVE-2020-15270 | Improper session expiration in Parse Server | S | |
CVE-2020-15271 | Shell Command Execution in lookatme | E S | |
CVE-2020-15272 | Shell-injection in git-tag-annotation GitHub action | S | |
CVE-2020-15273 | Cross-Site Scripting in baserCMS | S | |
CVE-2020-15274 | Stored XSS via search result in Wiki.js | S | |
CVE-2020-15275 | Malicious SVG attachment causing stored XSS vulnerability in MoinMoin | E S | |
CVE-2020-15276 | Cross Site Scripting in baserCMS | S | |
CVE-2020-15277 | Remote Code Execution in baserCMS | S | |
CVE-2020-15278 | Unauthorized privilege escalation in Mod module | S | |
CVE-2020-15279 | Scanning exclusion paths disclosure in BEST for Windows | S | |
CVE-2020-15281 | Rejected reason: Unused CVE for 2020... | R | |
CVE-2020-15282 | Rejected reason: Unused CVE for 2020... | R | |
CVE-2020-15285 | Rejected reason: Unused CVE for 2020... | R | |
CVE-2020-15286 | Rejected reason: Unused CVE for 2020... | R | |
CVE-2020-15287 | Rejected reason: Unused CVE for 2020... | R | |
CVE-2020-15288 | Rejected reason: Unused CVE for 2020... | R | |
CVE-2020-15289 | Rejected reason: Unused CVE for 2020... | R | |
CVE-2020-15290 | Rejected reason: Unused CVE for 2020... | R | |
CVE-2020-15291 | Rejected reason: Unused CVE for 2020... | R | |
CVE-2020-15292 | Lack of validation on data read from guest memory in Bitdefender HVI (VA-9333) | S | |
CVE-2020-15293 | Memory corruption in Bitdefender Hypervisor Introspection (VA-9336) | S | |
CVE-2020-15294 | Compiler Optimization Removal or Modification of Security-Critical Code vulnerability in Bitdefender Hypervisor Introspection (VA-9339) | S | |
CVE-2020-15295 | Rejected reason: Unused CVE for 2020... | R | |
CVE-2020-15296 | Rejected reason: Unused CVE for 2020... | R | |
CVE-2020-15297 | Insufficient validation in the Bitdefender Update Server and BEST Relay components of Bitdefender En... | S | |
CVE-2020-15298 | Rejected reason: Unused CVE for 2020... | R | |
CVE-2020-15299 | A reflected Cross-Site Scripting (XSS) Vulnerability in the KingComposer plugin through 2.9.4 for Wo... | E | |
CVE-2020-15300 | SuiteCRM through 7.11.13 has an Open Redirect in the Documents module via a crafted SVG document.... | E | |
CVE-2020-15301 | SuiteCRM through 7.11.13 allows CSV Injection via registration fields in the Accounts, Contacts, Opp... | | |
CVE-2020-15302 | In Argent RecoveryManager before 0xdc350d09f71c48c5D22fBE2741e4d6A03970E192, the executeRecovery fun... | E | |
CVE-2020-15303 | Infoblox NIOS before 8.5.2 allows entity expansion during an XML upload operation, a related issue t... | | |
CVE-2020-15304 | An issue was discovered in OpenEXR before 2.5.2. An invalid tiled input file could cause invalid mem... | | |
CVE-2020-15305 | An issue was discovered in OpenEXR before 2.5.2. Invalid input could cause a use-after-free in DeepS... | | |
CVE-2020-15306 | An issue was discovered in OpenEXR before v2.5.2. Invalid chunkCount attributes could cause a heap b... | S | |
CVE-2020-15307 | Nozomi Guardian before 19.0.4 allows attackers to achieve stored XSS (in the web front end) by lever... | E | |
CVE-2020-15308 | Support Incident Tracker (aka SiT! or SiTracker) 3.67 p2 allows post-authentication SQL injection vi... | E | |
CVE-2020-15309 | An issue was discovered in wolfSSL before 4.5.0, when single precision is not employed. Local attack... | E | |
CVE-2020-15311 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2008-4080. Reason: This candidate... | R | |
CVE-2020-15312 | Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded DSA SSH key for the root account.... | E | |
CVE-2020-15313 | Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded ECDSA SSH key for the root account.... | E | |
CVE-2020-15314 | Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded RSA SSH key for the root account.... | E | |
CVE-2020-15315 | Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded DSA SSH key for the root account within t... | E | |
CVE-2020-15316 | Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded ECDSA SSH key for the root account within... | E | |
CVE-2020-15317 | Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded RSA SSH key for the root account within t... | E | |
CVE-2020-15318 | Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded DSA SSH key for the root account within t... | E | |
CVE-2020-15319 | Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded RSA SSH key for the root account within t... | E | |
CVE-2020-15320 | Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has the axiros password for the root account.... | E | |
CVE-2020-15321 | Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has the axzyxel password for the livedbuser account.... | E | |
CVE-2020-15322 | Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has the wbboEZ4BN3ssxAfM hardcoded password for the debia... | E | |
CVE-2020-15323 | Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has the cloud1234 password for the a1@chopin account defa... | E | |
CVE-2020-15324 | Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a world-readable axess/opt/axXMPPHandler/config/xmpp_... | E | |
CVE-2020-15325 | Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded Erlang cookie for ejabberd replication.... | E | |
CVE-2020-15326 | Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded certificate for Ejabberd in ejabberd.pem.... | E | |
CVE-2020-15327 | Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 uses ZODB storage without authentication.... | E | |
CVE-2020-15328 | Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has weak /opt/axess/var/blobstorage/ permissions.... | E | |
CVE-2020-15329 | Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has weak Data.fs permissions.... | E | |
CVE-2020-15330 | Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded APP_KEY in /opt/axess/etc/default/axess.... | E | |
CVE-2020-15331 | Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded OAUTH_SECRET_KEY in /opt/axess/etc/defaul... | E | |
CVE-2020-15332 | Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has weak /opt/axess/etc/default/axess permissions.... | E | |
CVE-2020-15333 | Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 allows attackers to discover accounts via MySQL "select *... | E | |
CVE-2020-15334 | Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 allows escape-sequence injection into the /var/log/axxmpp... | E | |
CVE-2020-15335 | Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has no authentication for /registerCpe requests.... | | |
CVE-2020-15336 | Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has no authentication for /cnr requests.... | | |
CVE-2020-15337 | Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a "Use of GET Request Method With Sensitive Query Str... | E | |
CVE-2020-15338 | Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a "Use of GET Request Method With Sensitive Query Str... | E | |
CVE-2020-15339 | Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 allows live/CPEManager/AXCampaignManager/handle_campaign_... | E | |
CVE-2020-15340 | Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded opt/axess/AXAssets/default_axess/axess/TR... | E | |
CVE-2020-15341 | Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has an unauthenticated update_all_realm_license API.... | E | |
CVE-2020-15342 | Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has an unauthenticated zy_install_user API.... | E | |
CVE-2020-15343 | Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has an unauthenticated zy_install_user_key API.... | E | |
CVE-2020-15344 | Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has an unauthenticated zy_get_user_id_and_key API.... | E | |
CVE-2020-15345 | Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has an unauthenticated zy_get_instances_for_update API.... | E | |
CVE-2020-15346 | Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a /live/GLOBALS API with the CLOUDCNM key.... | E | |
CVE-2020-15347 | Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has the q6xV4aW8bQ4cfD-b password for the axiros account.... | E | |
CVE-2020-15348 | Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 allows use of live/CPEManager/AXCampaignManager/delete_cp... | E | |
CVE-2020-15349 | BinaryNights ForkLift 3.x before 3.4 has a local privilege escalation vulnerability because the priv... | E | |
CVE-2020-15350 | RIOT 2020.04 has a buffer overflow in the base64 decoder. The decoding function base64_decode() uses... | S | |
CVE-2020-15351 | IDrive before 6.7.3.19 on Windows installs by default to %PROGRAMFILES(X86)%\IDriveWindows with weak... | | |
CVE-2020-15352 | An XML external entity (XXE) vulnerability in Pulse Connect Secure (PCS) before 9.1R9 and Pulse Poli... | | |
CVE-2020-15354 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2020-15355 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2020-15356 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2020-15357 | Network Analysis functionality in Askey AP5100W_Dual_SIG_1.01.097 and all prior versions allows remo... | E | |
CVE-2020-15358 | In SQLite before 3.32.3, select.c mishandles query-flattener optimization, leading to a multiSelectO... | E S | |
CVE-2020-15360 | com.docker.vmnetd in Docker Desktop 2.3.0.3 allows privilege escalation because of a lack of client ... | E | |
CVE-2020-15362 | wifiscanner.js in thingsSDK WiFi Scanner 1.0.1 allows Code Injection because it can be used with opt... | E | |
CVE-2020-15363 | The Nexos theme through 1.7 for WordPress allows side-map/?search_order= SQL Injection.... | E | |
CVE-2020-15364 | The Nexos theme through 1.7 for WordPress allows top-map/?search_location= reflected XSS.... | E | |
CVE-2020-15365 | LibRaw before 0.20-Beta3 has an out-of-bounds write in parse_exif() in metadata\exif_gps.cpp via an ... | E | |
CVE-2020-15366 | An issue was discovered in ajv.validate() in Ajv (aka Another JSON Schema Validator) 6.12.2. A caref... | | |
CVE-2020-15367 | Venki Supravizio BPM 10.1.2 does not limit the number of authentication attempts. An unauthenticated... | E | |
CVE-2020-15368 | AsrDrv103.sys in the ASRock RGB Driver does not properly restrict access from user space, as demonst... | | |
CVE-2020-15369 | Supportlink CLI in Brocade Fabric OS Versions v8.2.1 through v8.2.1d, and 8.2.2 versions before v8.2... | | |
CVE-2020-15370 | Brocade Fabric OS versions before Brocade Fabric OS v7.4.2g could allow an authenticated, remote att... | | |
CVE-2020-15371 | Brocade Fabric OS versions before Brocade Fabric OS v9.0.0, v8.2.2c, v8.2.1e, v8.1.2k, v8.2.0_CBN3, ... | | |
CVE-2020-15372 | A vulnerability in the command-line interface in Brocade Fabric OS before Brocade Fabric OS v8.2.2a1... | | |
CVE-2020-15373 | Multiple buffer overflow vulnerabilities in REST API in Brocade Fabric OS versions v8.2.1 through v8... | | |
CVE-2020-15374 | Rest API in Brocade Fabric OS v8.2.1 through v8.2.1d, and 8.2.2 versions before v8.2.2c is vulnerabl... | | |
CVE-2020-15375 | Brocade Fabric OS versions before v9.0.0, v8.2.2c, v8.2.1e, v8.1.2k, v8.2.0_CBN3, v7.4.2g contain an... | | |
CVE-2020-15376 | Brocade Fabric OS versions before v9.0.0 and after version v8.1.0, configured in Virtual Fabric mode... | | |
CVE-2020-15377 | Webtools in Brocade SANnav before version 2.1.1 allows unauthenticated users to make requests to arb... | | |
CVE-2020-15378 | The OVA version of Brocade SANnav before version 2.1.1 installation with IPv6 networking exposes the... | | |
CVE-2020-15379 | Brocade SANnav before v.2.1.0a could allow remote attackers to cause a denial-of-service condition due ... | | |
CVE-2020-15380 | Brocade SANnav before version 2.1.1 logs account credentials at the ‘trace’ logging level.... | | |
CVE-2020-15381 | Brocade SANnav before version 2.1.1 contains an Improper Authentication vulnerability that allows cl... | | |
CVE-2020-15382 | Brocade SANnav before version 2.1.1 uses a hard-coded administrator account with the weak password ‘... | | |
CVE-2020-15383 | Running security scans against the SAN switch can cause config and secnotify processes within the fi... | | |
CVE-2020-15384 | Brocade SANnav before version 2.1.1 contains an information disclosure vulnerability. Successful exp... | | |
CVE-2020-15385 | Brocade SANnav before version 2.1.1 allows an authenticated attacker to list directories, and list f... | | |
CVE-2020-15386 | Brocade Fabric OS prior to v9.0.1a and 8.2.3a and after v9.0.0 and 8.2.2d may observe high CPU load ... | | |
CVE-2020-15387 | The host SSH servers of Brocade Fabric OS before Brocade Fabric OS v7.4.2h, v8.2.1c, v8.2.2, v9.0.0,... | | |
CVE-2020-15388 | A vulnerability in the Brocade Fabric OS before Brocade Fabric OS v9.0.1a, v8.2.3, v8.2.0_CBN4, and ... | | |
CVE-2020-15389 | jp2/opj_decompress.c in OpenJPEG through 2.3.1 has a use-after-free that can be triggered if there i... | S | |
CVE-2020-15390 | pyActivity in Pega Platform 8.4.0.237 has a security misconfiguration that leads to an improper acce... | E | |
CVE-2020-15391 | The UI in DevSpace 4.13.0 allows web sites to execute actions on pods (on behalf of a victim) becaus... | S | |
CVE-2020-15392 | A user enumeration vulnerability flaw was found in Venki Supravizio BPM 10.1.2. This issue occurs du... | E | |
CVE-2020-15393 | In the Linux kernel 4.4 through 5.7.6, usbtest_disconnect in drivers/usb/misc/usbtest.c has a memory... | S | |
CVE-2020-15394 | The REST API in Zoho ManageEngine Applications Manager before build 14740 allows an unauthenticated ... | | |
CVE-2020-15395 | In MediaInfoLib in MediaArea MediaInfo 20.03, there is a stack-based buffer over-read in Streams_Fil... | E | |
CVE-2020-15396 | In HylaFAX+ through 7.0.2 and HylaFAX Enterprise, the faxsetup utility calls chown on files in user-... | E S | |
CVE-2020-15397 | HylaFAX+ through 7.0.2 and HylaFAX Enterprise have scripts that execute binaries from directories wr... | E S | |
CVE-2020-15400 | CakePHP before 4.0.6 mishandles CSRF token generation. This might be remotely exploitable in conjunc... | | |
CVE-2020-15401 | IOBit Malware Fighter Pro 8.0.2.547 allows local users to gain privileges for file deletion by manip... | E | |
CVE-2020-15408 | An issue was discovered in Pulse Secure Pulse Connect Secure before 9.1R8. An authenticated attacker... | | |
CVE-2020-15411 | An issue was discovered in MISP 2.4.128. app/Controller/AttributesController.php has insufficient AC... | S | |
CVE-2020-15412 | An issue was discovered in MISP 2.4.128. app/Controller/EventsController.php lacks an event ACL chec... | S | |
CVE-2020-15415 | On DrayTek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1, cgi-bin/mainfunction.cgi/cvmcfg... | KEV E | |
CVE-2020-15416 | This vulnerability allows network-adjacent attackers to bypass authentication on affected installati... | | |
CVE-2020-15417 | This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installat... | | |
CVE-2020-15418 | This vulnerability allows remote attackers to disclose sensitive information on affected installatio... | | |
CVE-2020-15419 | This vulnerability allows remote attackers to disclose sensitive information on affected installatio... | | |
CVE-2020-15420 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ce... | | |
CVE-2020-15421 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ce... | | |
CVE-2020-15422 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ce... | | |
CVE-2020-15423 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ce... | | |
CVE-2020-15424 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ce... | | |
CVE-2020-15425 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ce... | | |
CVE-2020-15426 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ce... | | |
CVE-2020-15427 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ce... | | |
CVE-2020-15428 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ce... | | |
CVE-2020-15429 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ce... | | |
CVE-2020-15430 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ce... | | |
CVE-2020-15431 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ce... | | |
CVE-2020-15432 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ce... | | |
CVE-2020-15433 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ce... | | |
CVE-2020-15434 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ce... | | |
CVE-2020-15435 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ce... | | |
CVE-2020-15436 | Use-after-free vulnerability in fs/block_dev.c in the Linux kernel before 5.8 allows local users to ... | E S | |
CVE-2020-15437 | The Linux kernel before version 5.8 is vulnerable to a NULL pointer dereference in drivers/tty/seria... | E S | |
CVE-2020-15438 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2020-15439 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2020-15440 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2020-15441 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2020-15442 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2020-15443 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2020-15444 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2020-15445 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2020-15446 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2020-15447 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2020-15448 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2020-15449 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2020-15450 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2020-15451 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2020-15452 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2020-15453 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2020-15454 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2020-15455 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2020-15456 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2020-15457 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2020-15458 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2020-15459 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2020-15460 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2020-15461 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2020-15462 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2020-15463 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2020-15464 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2020-15465 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2020-15466 | In Wireshark 3.2.0 to 3.2.4, the GVCP dissector could go into an infinite loop. This was addressed i... | | |
CVE-2020-15467 | The administrative interface of Cohesive Networks vns3:vpn appliances before version 4.11.1 is vulne... | | |
CVE-2020-15468 | Persian VIP Download Script 1.0 allows SQL Injection via the cart_edit.php active parameter.... | E | |
CVE-2020-15469 | In QEMU 4.2.0, a MemoryRegionOps object may lack read/write callback methods, leading to a NULL poin... | S | |
CVE-2020-15470 | ffjpeg through 2020-02-24 has a heap-based buffer overflow in jfif_decode in jfif.c.... | | |
CVE-2020-15471 | In nDPI through 3.2, the packet parsing code is vulnerable to a heap-based buffer over-read in ndpi_... | S | |
CVE-2020-15472 | In nDPI through 3.2, the H.323 dissector is vulnerable to a heap-based buffer over-read in ndpi_sear... | S | |
CVE-2020-15473 | In nDPI through 3.2, the OpenVPN dissector is vulnerable to a heap-based buffer over-read in ndpi_se... | S | |
CVE-2020-15474 | In nDPI through 3.2, there is a stack overflow in extractRDNSequence in lib/protocols/tls.c.... | S | |
CVE-2020-15475 | In nDPI through 3.2, ndpi_reset_packet_line_info in lib/ndpi_main.c omits certain reinitialization, ... | S | |
CVE-2020-15476 | In nDPI through 3.2, the Oracle protocol dissector has a heap-based buffer over-read in ndpi_search_... | E S | |
CVE-2020-15477 | The WebControl in RaspberryTortoise through 2012-10-28 is vulnerable to remote code execution via sh... | E | |
CVE-2020-15478 | The Journal theme before 3.1.0 for OpenCart allows exposure of sensitive data via SQL errors.... | | |
CVE-2020-15479 | An issue was discovered in PassMark BurnInTest through 9.1, OSForensics through 7.1, and Performance... | E | |
CVE-2020-15480 | An issue was discovered in PassMark BurnInTest through 9.1, OSForensics through 7.1, and Performance... | E | |
CVE-2020-15481 | An issue was discovered in PassMark BurnInTest v9.1 Build 1008, OSForensics v7.1 Build 1012, and Per... | E | |
CVE-2020-15482 | An issue was discovered on Nescomed Multipara Monitor M1000 devices. The device enables an unencrypt... | | |
CVE-2020-15483 | An issue was discovered on Nescomed Multipara Monitor M1000 devices. The physical UART debug port pr... | E | |
CVE-2020-15484 | An issue was discovered on Nescomed Multipara Monitor M1000 devices. The internal storage of the und... | | |
CVE-2020-15485 | An issue was discovered on Nescomed Multipara Monitor M1000 devices. The onboard Flash memory stores... | | |
CVE-2020-15486 | An issue was discovered on Dr Trust ECG Pen 2.00.08 devices. Because the Bluetooth LE support is imp... | | |
CVE-2020-15487 | Re:Desk 2.3 contains a blind unauthenticated SQL injection vulnerability in the getBaseCriteria() fu... | E | |
CVE-2020-15488 | Re:Desk 2.3 allows insecure file upload.... | E | |
CVE-2020-15489 | An issue was discovered on Wavlink WL-WN530HG4 M30HG4.V5030.191116 devices. Multiple shell metachara... | | |
CVE-2020-15490 | An issue was discovered on Wavlink WL-WN530HG4 M30HG4.V5030.191116 devices. Multiple buffer overflow... | | |
CVE-2020-15492 | An issue was discovered in INNEO Startup TOOLS 2017 M021 12.0.66.3784 through 2018 M040 13.0.70.3804... | E | |
CVE-2020-15495 | Acronis True Image 2019 update 1 through 2020 on macOS allows local privilege escalation due to an i... | | |
CVE-2020-15496 | Acronis True Image for Mac before 2021 Update 4 allowed local privilege escalation due to insecure f... | | |
CVE-2020-15497 | jcore/portal/ajaxPortal.jsp in Jalios JCMS 10.0.2 build-20200224104759 allows XSS via the types para... | E | |
CVE-2020-15498 | An issue was discovered on ASUS RT-AC1900P routers before 3.0.0.4.385_20253. The router accepts an a... | | |
CVE-2020-15499 | An issue was discovered on ASUS RT-AC1900P routers before 3.0.0.4.385_20253. They allow XSS via spoo... | | |
CVE-2020-15500 | An issue was discovered in server.js in TileServer GL through 3.0.0. The content of the key GET para... | E | |
CVE-2020-15501 | Smarter Coffee Maker before 2nd generation allows firmware replacement without authentication or aut... | E | |
CVE-2020-15502 | The DuckDuckGo application through 5.58.0 for Android, and through 7.47.1.0 for iOS, sends hostnames... | S | |
CVE-2020-15503 | LibRaw before 0.20-RC1 lacks a thumbnail size range check. This affects decoders/unpack_thumb.cpp, p... | S | |
CVE-2020-15504 | A SQL injection vulnerability in the user and admin web interfaces of Sophos XG Firewall v18.0 MR1 a... | | |
CVE-2020-15505 | A remote code execution vulnerability in MobileIron Core & Connector versions 10.3.0.3 and earlier, ... | KEV E | |
CVE-2020-15506 | An authentication bypass vulnerability in MobileIron Core & Connector versions 10.3.0.3 and earlier,... | | |
CVE-2020-15507 | An arbitrary file reading vulnerability in MobileIron Core versions 10.3.0.3 and earlier, 10.4.0.0, ... | | |
CVE-2020-15509 | Nordic Semiconductor Android BLE Library through 2.2.1 and DFU Library through 1.10.4 for Android (a... | S | |
CVE-2020-15511 | HashiCorp Terraform Enterprise up to v202006-1 contained a default signup page that allowed user reg... | | |
CVE-2020-15513 | The typo3_forum extension before 1.2.1 for TYPO3 has Incorrect Access Control.... | | |
CVE-2020-15514 | The jh_captcha extension through 2.1.3, and 3.x through 3.0.2, for TYPO3 allows XSS.... | | |
CVE-2020-15515 | The turn extension through 0.3.2 for TYPO3 allows Remote Code Execution.... | | |
CVE-2020-15516 | The mm_forum extension through 1.9.5 for TYPO3 allows XSS that can be exploited via CSRF.... | | |
CVE-2020-15517 | The ke_search (aka Faceted Search) extension through 2.8.2, and 3.x through 3.1.3, for TYPO3 allows ... | | |
CVE-2020-15518 | VeeamFSR.sys in Veeam Availability Suite before 10 and Veeam Backup & Replication before 10 has no d... | E | |
CVE-2020-15521 | Zoho ManageEngine Applications Manager before 14 build 14730 has no protection against jsp/header.js... | | |
CVE-2020-15522 | Bouncy Castle BC Java before 1.66, BC C# .NET before 1.8.7, BC-FJA before 1.0.1.2, 1.0.2.1, and BC-F... | | |
CVE-2020-15523 | In Python 3.6 through 3.6.10, 3.7 through 3.7.8, 3.8 through 3.8.4rc1, and 3.9 through 3.9.0b4 on Wi... | S | |
CVE-2020-15525 | GitLab EE 11.3 through 13.1.2 has Incorrect Access Control because of the Maven package upload endpo... | | |
CVE-2020-15526 | In Redgate SQL Monitor 7.1.4 through 10.1.6 (inclusive), the scope for disabling some TLS security c... | | |
CVE-2020-15528 | An issue was discovered in GOG Galaxy Client 2.0.17. Local escalation of privileges is possible when... | | |
CVE-2020-15529 | An issue was discovered in GOG Galaxy Client 2.0.17. Local escalation of privileges is possible when... | | |
CVE-2020-15530 | An issue was discovered in Valve Steam Client 2.10.91.91. The installer allows local users to gain N... | E | |
CVE-2020-15531 | Silicon Labs Bluetooth Low Energy SDK before 2.13.3 has a buffer overflow via packet data. This is a... | E | |
CVE-2020-15532 | Silicon Labs Bluetooth Low Energy SDK before 2.13.3 has a buffer overflow via packet data. This is a... | E | |
CVE-2020-15533 | In Zoho ManageEngine Application Manager 14.7 Build 14730 (before 14684, and between 14689 and 14750... | | |
CVE-2020-15535 | An issue was discovered in the bestsoftinc Car Rental System plugin through 1.3 for WordPress. Persi... | E | |
CVE-2020-15536 | An issue was discovered in the bestsoftinc Hotel Booking System Pro plugin through 1.1 for WordPress... | E | |
CVE-2020-15537 | An issue was discovered in the Vanguard plugin 2.1 for WordPress. XSS can occur via the mails/new ti... | E | |
CVE-2020-15538 | XSS can occur in We-com Municipality portal CMS 2.1.x via the cerca/ search bar.... | E | |
CVE-2020-15539 | SQL injection can occur in We-com Municipality portal CMS 2.1.x via the cerca/ keywords field.... | E | |
CVE-2020-15540 | We-com OpenData CMS 2.0 allows SQL Injection via the username field on the administrator login page.... | E | |
CVE-2020-15541 | SolarWinds Serv-U FTP server before 15.2.1 allows remote command execution.... | | |
CVE-2020-15542 | SolarWinds Serv-U FTP server before 15.2.1 mishandles the CHMOD command.... | | |
CVE-2020-15543 | SolarWinds Serv-U FTP server before 15.2.1 does not validate an argument path.... | | |
CVE-2020-15562 | An issue was discovered in Roundcube Webmail before 1.2.11, 1.3.x before 1.3.14, and 1.4.x before 1.... | S | |
CVE-2020-15563 | An issue was discovered in Xen through 4.13.x, allowing x86 HVM guest OS users to cause a hypervisor... | S | |
CVE-2020-15564 | An issue was discovered in Xen through 4.13.x, allowing Arm guest OS users to cause a hypervisor cra... | S | |
CVE-2020-15565 | An issue was discovered in Xen through 4.13.x, allowing x86 Intel HVM guest OS users to cause a host... | S | |
CVE-2020-15566 | An issue was discovered in Xen through 4.13.x, allowing guest OS users to cause a host OS crash beca... | | |
CVE-2020-15567 | An issue was discovered in Xen through 4.13.x, allowing Intel guest OS users to gain privileges or c... | S | |
CVE-2020-15568 | TerraMaster TOS before 4.1.29 has Invalid Parameter Checking that leads to code injection as root. T... | E | |
CVE-2020-15569 | PlayerGeneric.cpp in MilkyTracker through 1.02.00 has a use-after-free in the PlayerGeneric destruct... | S | |
CVE-2020-15570 | The parse_report() function in whoopsie.c in Whoopsie through 0.2.69 mishandles memory allocation fa... | E | |
CVE-2020-15572 | Tor before 0.4.3.6 has an out-of-bounds memory access that allows a remote denial-of-service (crash)... | | |
CVE-2020-15573 | SolarWinds Serv-U File Server before 15.2.1 has a "Cross-script vulnerability," aka Case Numbers 000... | | |
CVE-2020-15574 | SolarWinds Serv-U File Server before 15.2.1 mishandles the Same-Site cookie attribute, aka Case Numb... | | |
CVE-2020-15575 | SolarWinds Serv-U File Server before 15.2.1 allows XSS as demonstrated by Tenable Scan, aka Case Num... | | |
CVE-2020-15576 | SolarWinds Serv-U File Server before 15.2.1 allows information disclosure via an HTTP response.... | | |
CVE-2020-15577 | An issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) software. Cameralyzer allo... | | |
CVE-2020-15578 | An issue was discovered on Samsung mobile devices with O(8.x) software. FactoryCamera does not prope... | | |
CVE-2020-15579 | An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. Attacke... | | |
CVE-2020-15580 | An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. Attacke... | | |
CVE-2020-15581 | An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. The ker... | | |
CVE-2020-15582 | An issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) (Exynos 7885 chipsets) sof... | | |
CVE-2020-15583 | An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. Sticker... | | |
CVE-2020-15584 | An issue was discovered on Samsung mobile devices with Q(10.0) software. Attackers can trigger an ou... | | |
CVE-2020-15586 | Go before 1.13.13 and 1.14.x before 1.14.5 has a data race in some net/http servers, as demonstrated... | S | |
CVE-2020-15588 | An issue was discovered in the client side of Zoho ManageEngine Desktop Central 10.0.552.W. An attac... | | |
CVE-2020-15589 | A design issue was discovered in GetInternetRequestHandle, InternetSendRequestEx and InternetSendReq... | | |
CVE-2020-15590 | A vulnerability in the Private Internet Access (PIA) VPN Client for Linux 1.5 through 2.3+ allows re... | E M | |
CVE-2020-15591 | fexsrv in F*EX (aka Frams' Fast File EXchange) before fex-20160919_2 allows eval injection (for unau... | E S | |
CVE-2020-15592 | SteelCentral Aternity Agent before 11.0.0.120 on Windows allows Privilege Escalation via a crafted f... | | |
CVE-2020-15593 | SteelCentral Aternity Agent 11.0.0.120 on Windows mishandles IPC. It uses an executable running as a... | | |
CVE-2020-15594 | An SSRF issue was discovered in Zoho Application Control Plus before version 10.0.511. The mail gate... | | |
CVE-2020-15595 | An issue was discovered in Zoho Application Control Plus before version 10.0.511. The Element Config... | E | |
CVE-2020-15596 | The ALPS ALPINE touchpad driver before 8.2206.1717.634, as used on various Dell, HP, and Lenovo lapt... | | |
CVE-2020-15597 | SOPlanning 1.46.01 allows persistent XSS via the Project Name, Statutes Comment, Places Comment, or ... | E | |
CVE-2020-15598 | Trustwave ModSecurity 3.x through 3.0.4 allows denial of service via a special request. NOTE: The di... | E S | |
CVE-2020-15599 | Victor CMS through 2019-02-28 allows XSS via the register.php user_firstname or user_lastname field.... | E | |
CVE-2020-15600 | An issue was discovered in CMSUno before 1.6.1. uno.php allows CSRF to change the admin password.... | E | |
CVE-2020-15601 | If LDAP authentication is enabled, an LDAP authentication bypass vulnerability in Trend Micro Deep S... | S | |
CVE-2020-15602 | An untrusted search path remote code execution (RCE) vulnerability in the Trend Micro Security 2020 (... | | |
CVE-2020-15603 | An invalid memory read vulnerability in a Trend Micro Security 2020 (v16.0.0.1302 and below) consumer... | | |
CVE-2020-15604 | An incomplete SSL server certification validation vulnerability in the Trend Micro Security 2019 (v1... | | |
CVE-2020-15605 | If LDAP authentication is enabled, an LDAP authentication bypass vulnerability in Trend Micro Vulner... | S | |
CVE-2020-15606 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ce... | | |
CVE-2020-15607 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ce... | | |
CVE-2020-15608 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ce... | | |
CVE-2020-15609 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ce... | | |
CVE-2020-15610 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ce... | | |
CVE-2020-15611 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ce... | | |
CVE-2020-15612 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ce... | | |
CVE-2020-15613 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ce... | | |
CVE-2020-15614 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ce... | | |
CVE-2020-15615 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ce... | | |
CVE-2020-15616 | This vulnerability allows remote attackers to disclose sensitive information on affected installatio... | | |
CVE-2020-15617 | This vulnerability allows remote attackers to disclose sensitive information on affected installatio... | | |
CVE-2020-15618 | This vulnerability allows remote attackers to disclose sensitive information on affected installatio... | | |
CVE-2020-15619 | This vulnerability allows remote attackers to disclose sensitive information on affected installatio... | | |
CVE-2020-15620 | This vulnerability allows remote attackers to disclose sensitive information on affected installatio... | | |
CVE-2020-15621 | This vulnerability allows remote attackers to disclose sensitive information on affected installatio... | | |
CVE-2020-15622 | This vulnerability allows remote attackers to disclose sensitive information on affected installatio... | | |
CVE-2020-15623 | This vulnerability allows remote attackers to write arbitrary files on affected installations of Cen... | | |
CVE-2020-15624 | This vulnerability allows remote attackers to disclose sensitive information on affected installatio... | | |
CVE-2020-15625 | This vulnerability allows remote attackers to disclose sensitive information on affected installatio... | | |
CVE-2020-15626 | This vulnerability allows remote attackers to disclose sensitive information on affected installatio... | | |
CVE-2020-15627 | This vulnerability allows remote attackers to disclose sensitive information on affected installatio... | | |
CVE-2020-15628 | This vulnerability allows remote attackers to disclose sensitive information on affected installatio... | | |
CVE-2020-15629 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fo... | | |
CVE-2020-15630 | This vulnerability allows remote attackers to disclose sensitive information on affected installatio... | | |
CVE-2020-15631 | This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installat... | S | |
CVE-2020-15632 | This vulnerability allows network-adjacent attackers to bypass authentication on affected installati... | S | |
CVE-2020-15633 | This vulnerability allows network-adjacent attackers to bypass authentication on affected installati... | | |
CVE-2020-15634 | This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installat... | | |
CVE-2020-15635 | This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installat... | | |
CVE-2020-15636 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of NE... | | |
CVE-2020-15637 | This vulnerability allows remote attackers to disclose sensitive information on affected installatio... | | |
CVE-2020-15638 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fo... | | |
CVE-2020-15639 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ma... | | |
CVE-2020-15640 | This vulnerability allows remote attackers to disclose sensitive information on affected installatio... | | |
CVE-2020-15641 | This vulnerability allows remote attackers to disclose sensitive information on affected installatio... | | |
CVE-2020-15642 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of in... | | |
CVE-2020-15643 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ma... | E | |
CVE-2020-15644 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ma... | | |
CVE-2020-15645 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ma... | E | |
CVE-2020-15646 | If an attacker intercepts Thunderbird's initial attempt to perform automatic account setup using the... | | |
CVE-2020-15647 | A Content Provider in Firefox for Android allowed local files accessible by the browser to be read b... | | |
CVE-2020-15648 | Using object or embed tags, it was possible to frame other websites, even if they disallowed framing... | | |
CVE-2020-15649 | Given an installed malicious file picker application, an attacker was able to steal and upload local... | | |
CVE-2020-15650 | Given an installed malicious file picker application, an attacker was able to overwrite local files ... | | |
CVE-2020-15651 | A Unicode RTL order character in the downloaded file name can be used to change the file's name duri... | | |
CVE-2020-15652 | By observing the stack trace for JavaScript errors in web workers, it was possible to leak the resul... | | |
CVE-2020-15653 | An iframe sandbox element with the allow-popups flag could be bypassed when using noopener links. Th... | | |
CVE-2020-15654 | When in an endless loop, a website specifying a custom cursor using CSS could make it look like the ... | | |
CVE-2020-15655 | A redirected HTTP request which is observed or modified through a web extension could bypass existin... | | |
CVE-2020-15656 | JIT optimizations involving the JavaScript arguments object could confuse later optimizations. This ... | | |
CVE-2020-15657 | Firefox could be made to load attacker-supplied DLL files from the installation directory. This requ... | | |
CVE-2020-15658 | The code for downloading files did not properly take care of special characters, which led to an att... | | |
CVE-2020-15659 | Mozilla developers and community members reported memory safety bugs present in Firefox 78 and Firef... | S | |
CVE-2020-15660 | Missing checks on Content-Type headers in geckodriver before 0.27.0 could lead to a CSRF vulnerabili... | | |
CVE-2020-15661 | A rogue webpage could override the injected WKUserScript used by the logins autofill, this exploit c... | | |
CVE-2020-15662 | A rogue webpage could override the injected WKUserScript used by the download feature, this exploit ... | | |
CVE-2020-15663 | If Firefox is installed to a user-writable directory, the Mozilla Maintenance Service would execute ... | | |
CVE-2020-15664 | By holding a reference to the eval() function from an about:blank window, a malicious webpage could ... | | |
CVE-2020-15665 | Firefox did not reset the address bar after the beforeunload dialog was shown if the user chose to r... | E | |
CVE-2020-15666 | When trying to load a non-video in an audio/video context the exact status code (200, 302, 404, 500,... | E | |
CVE-2020-15667 | When processing a MAR update file, after the signature has been validated, an invalid name length co... | | |
CVE-2020-15668 | A lock was missing when accessing a data structure and importing certificate information into the tr... | | |
CVE-2020-15669 | When aborting an operation, such as a fetch, an abort signal may be deleted while alerting the objec... | | |
CVE-2020-15670 | Mozilla developers reported memory safety bugs present in Firefox for Android 79. Some of these bugs... | | |
CVE-2020-15671 | When typing in a password under certain conditions, a race may have occurred where the InputContext w... | | |
CVE-2020-15673 | Mozilla developers reported memory safety bugs present in Firefox 80 and Firefox ESR 78.2. Some of t... | | |
CVE-2020-15674 | Mozilla developers reported memory safety bugs present in Firefox 80. Some of these bugs showed evid... | | |
CVE-2020-15675 | When processing surfaces, the lifetime may outlive a persistent buffer leading to memory corruption ... | | |
CVE-2020-15676 | Firefox sometimes ran the onload handler for SVG elements that the DOM sanitizer decided to remove, ... | | |
CVE-2020-15677 | By exploiting an Open Redirect vulnerability on a website, an attacker could have spoofed the site d... | | |
CVE-2020-15678 | When recursing through graphical layers while scrolling, an iterator may have become invalid, result... | | |
CVE-2020-15679 | An OAuth session fixation vulnerability existed in the VPN login flow, where an attacker could craft... | S | |
CVE-2020-15680 | If a valid external protocol handler was referenced in an image tag, the resulting broken image size... | | |
CVE-2020-15681 | When multiple WASM threads had a reference to a module, and were looking up exported functions, one ... | | |
CVE-2020-15682 | When a link to an external protocol was clicked, a prompt was presented that allowed the user to cho... | | |
CVE-2020-15683 | Mozilla developers and community members reported memory safety bugs present in Firefox 81 and Firef... | | |
CVE-2020-15684 | Mozilla developers reported memory safety bugs present in Firefox 81. Some of these bugs showed evid... | | |
CVE-2020-15685 | During the plaintext phase of the STARTTLS connection setup, protocol commands could have been injec... | E S | |
CVE-2020-15687 | Missing access control restrictions in the Hypervisor component of the ACRN Project (v2.0 and v1.6.1... | | |
CVE-2020-15688 | The HTTP Digest Authentication in the GoAhead web server before 5.1.2 does not completely protect ag... | E | |
CVE-2020-15689 | Appweb before 7.2.2 and 8.x before 8.1.0, when built with CGI support, mishandles an HTTP request wi... | | |
CVE-2020-15690 | In Nim before 1.2.6, the standard library asyncftpclient lacks a check for whether a message contain... | E S | |
CVE-2020-15692 | In Nim 1.2.4, the standard library browsers mishandles the URL argument to browsers.openDefaultBrows... | E S | |
CVE-2020-15693 | In Nim 1.2.4, the standard library httpClient is vulnerable to a CR-LF injection in the target URL. ... | E S | |
CVE-2020-15694 | In Nim 1.2.4, the standard library httpClient fails to properly validate the server response. For ex... | E S | |
CVE-2020-15695 | An issue was discovered in Joomla! through 3.9.19. A missing token check in the remove request secti... | | |
CVE-2020-15696 | An issue was discovered in Joomla! through 3.9.19. Lack of input filtering and escaping allows XSS a... | | |
CVE-2020-15697 | An issue was discovered in Joomla! through 3.9.19. Internal read-only fields in the User table class... | | |
CVE-2020-15698 | An issue was discovered in Joomla! through 3.9.19. Inadequate filtering on the system information sc... | | |
CVE-2020-15699 | An issue was discovered in Joomla! through 3.9.19. Missing validation checks on the usergroups table... | | |
CVE-2020-15700 | An issue was discovered in Joomla! through 3.9.19. A missing token check in the ajax_install endpoin... | | |
CVE-2020-15701 | Unhandled exception in apport | E | |
CVE-2020-15702 | TOCTOU in apport | | |
CVE-2020-15703 | aptdaemon allows unprivileged users to test for the presence of local files via the transaction Locale property | E S | |
CVE-2020-15704 | pppd arbitrary file read information disclosure vulnerability | | |
CVE-2020-15705 | GRUB2: avoid loading unsigned kernels when GRUB is booted directly under secureboot without shim | S | |
CVE-2020-15706 | GRUB2 contains a race condition leading to a use-after-free vulnerability which can be triggered by redefining a function whilst the same function is already executing. | S | |
CVE-2020-15707 | GRUB2 contained integer overflows when handling the initrd command, leading to a heap-based buffer overflow. | E S | |
CVE-2020-15708 | Libvirt Service Arbitrary File Write Privilege Escalation Vulnerability | | |
CVE-2020-15709 | add-apt-repository print ANSI terminal codes | S | |
CVE-2020-15710 | Potential double-free in pulseaudio | | |
CVE-2020-15711 | In MISP before 2.4.129, setting a favourite homepage was not CSRF protected.... | S | |
CVE-2020-15712 | rConfig 3.9.5 could allow a remote authenticated attacker to traverse directories on the system. An ... | | |
CVE-2020-15713 | rConfig 3.9.5 is vulnerable to SQL injection. A remote authenticated attacker could send crafted SQL... | | |
CVE-2020-15714 | rConfig 3.9.5 is vulnerable to SQL injection. A remote authenticated attacker could send crafted SQL... | | |
CVE-2020-15715 | rConfig 3.9.5 could allow a remote authenticated attacker to execute arbitrary code on the system, b... | | |
CVE-2020-15716 | RosarioSIS 6.7.2 is vulnerable to XSS, caused by improper validation of user-supplied input by the P... | S | |
CVE-2020-15717 | RosarioSIS 6.7.2 is vulnerable to XSS, caused by improper validation of user-supplied input by the S... | S | |
CVE-2020-15718 | RosarioSIS 6.7.2 is vulnerable to XSS, caused by improper validation of user-supplied input by the P... | S | |
CVE-2020-15719 | libldap in certain third-party OpenLDAP packages has a certificate-validation flaw when the third-pa... | S | |
CVE-2020-15720 | In Dogtag PKI through 10.8.3, the pki.client.PKIConnection class did not enable python-requests cert... | S | |
CVE-2020-15721 | RosarioSIS through 6.8-beta allows modules/Custom/NotifyParents.php XSS because of the href attribut... | S | |
CVE-2020-15722 | In version 12.1.0.1004 and below of 360 Total Security, when TPI calls the browser process, there exi... | | |
CVE-2020-15723 | In the version 12.1.0.1004 and below of 360 Total Security, when the main process of 360 Total Secur... | | |
CVE-2020-15724 | In the version 12.1.0.1005 and below of 360 Total Security, when the Gamefolde calls GameChrome.exe,... | | |
CVE-2020-15728 | Rejected reason: Unused CVE for 2020... | R | |
CVE-2020-15730 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse... | R | |
CVE-2020-15731 | Local Privilege Escalation in Bitdefender Engines (VA-8953) | S | |
CVE-2020-15732 | Improper Certificate Validation vulnerability in the Online Threat Prevention module as used in Bitd... | S | |
CVE-2020-15733 | URL Spoofing Vulnerability in Bitdefender SafePay (VA-8958) | S | |
CVE-2020-15734 | Same-origin policy vulnerability in Bitdefender Safepay | S | |
CVE-2020-15736 | Rejected reason: Unused CVE for 2020... | R | |
CVE-2020-15737 | Rejected reason: Unused CVE for 2020... | R | |
CVE-2020-15738 | Rejected reason: Unused CVE for 2020... | R | |
CVE-2020-15740 | Rejected reason: Unused CVE for 2020... | R | |
CVE-2020-15741 | Rejected reason: Unused CVE for 2020... | R | |
CVE-2020-15743 | Rejected reason: Unused CVE for 2020... | R | |
CVE-2020-15744 | Stack-based buffer overflow leading to RCE in Victure Camera | | |
CVE-2020-15745 | Rejected reason: Unused CVE for 2020... | R | |
CVE-2020-15746 | Rejected reason: Unused CVE for 2020... | R | |
CVE-2020-15747 | Rejected reason: Unused CVE for 2020... | R | |
CVE-2020-15748 | Rejected reason: Unused CVE for 2020... | R | |
CVE-2020-15749 | Rejected reason: Unused CVE for 2020... | R | |
CVE-2020-15750 | Rejected reason: Unused CVE for 2020... | R | |
CVE-2020-15751 | Rejected reason: Unused CVE for 2020... | R | |
CVE-2020-15752 | Rejected reason: Unused CVE for 2020... | R | |
CVE-2020-15753 | Rejected reason: Unused CVE for 2020... | R | |
CVE-2020-15754 | Rejected reason: Unused CVE for 2020... | R | |
CVE-2020-15755 | Rejected reason: Unused CVE for 2020... | R | |
CVE-2020-15756 | Rejected reason: Unused CVE for 2020... | R | |
CVE-2020-15757 | Rejected reason: Unused CVE for 2020... | R | |
CVE-2020-15758 | Rejected reason: Unused CVE for 2020... | R | |
CVE-2020-15759 | Rejected reason: Unused CVE for 2020... | R | |
CVE-2020-15760 | Rejected reason: Unused CVE for 2020... | R | |
CVE-2020-15761 | Rejected reason: Unused CVE for 2020... | R | |
CVE-2020-15762 | Rejected reason: Unused CVE for 2020... | R | |
CVE-2020-15763 | Rejected reason: Unused CVE for 2020... | R | |
CVE-2020-15764 | Rejected reason: Unused CVE for 2020... | R | |
CVE-2020-15765 | Rejected reason: Unused CVE for 2020... | R | |
CVE-2020-15766 | Rejected reason: Unused CVE for 2020... | R | |
CVE-2020-15767 | An issue was discovered in Gradle Enterprise before 2020.2.5. The cookie used to convey the CSRF pre... | | |
CVE-2020-15768 | An issue was discovered in Gradle Enterprise 2017.3 - 2020.2.4 and Gradle Enterprise Build Cache Nod... | | |
CVE-2020-15769 | An issue was discovered in Gradle Enterprise 2020.2 - 2020.2.4. An XSS issue exists via the request ... | | |
CVE-2020-15770 | An issue was discovered in Gradle Enterprise 2018.5. An attacker can potentially make repeated attem... | | |
CVE-2020-15771 | An issue was discovered in Gradle Enterprise 2018.2 and Gradle Enterprise Build Cache Node 4.1. Cros... | | |
CVE-2020-15772 | An issue was discovered in Gradle Enterprise 2018.5 - 2020.2.4. When configuring Gradle Enterprise t... | | |
CVE-2020-15773 | An issue was discovered in Gradle Enterprise before 2020.2.4. Because of unrestricted cross-origin r... | | |
CVE-2020-15774 | An issue was discovered in Gradle Enterprise 2018.5 - 2020.2.4. An attacker with physical access to ... | | |
CVE-2020-15775 | An issue was discovered in Gradle Enterprise 2017.1 - 2020.2.4. The /usage page of Gradle Enterprise... | | |
CVE-2020-15776 | An issue was discovered in Gradle Enterprise 2018.2 - 2020.2.4. The CSRF prevention token is stored ... | | |
CVE-2020-15777 | An issue was discovered in the Maven Extension plugin before 1.6 for Gradle Enterprise. The extensio... | | |
CVE-2020-15778 | scp in OpenSSH through 8.3p1 allows command injection in the scp.c toremote function, as demonstrate... | E | |
CVE-2020-15779 | A Path Traversal issue was discovered in the socket.io-file package through 2.0.31 for Node.js. The ... | E | |
CVE-2020-15780 | An issue was discovered in drivers/acpi/acpi_configfs.c in the Linux kernel before 5.7.7. Injection ... | S | |
CVE-2020-15781 | A vulnerability has been identified in SICAM WEB firmware for SICAM A8000 RTUs (All versions < V05.3... | S | |
CVE-2020-15782 | A vulnerability has been identified in SIMATIC Drive Controller family (All versions < V2.9.2), SIMA... | S | |
CVE-2020-15783 | A vulnerability has been identified in SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLU... | M | |
CVE-2020-15784 | A vulnerability has been identified in Spectrum Power 4 (All versions < V4.70 SP8). Insecure storage... | | |
CVE-2020-15785 | A vulnerability has been identified in Siveillance Video Client (All versions). In environments wher... | | |
CVE-2020-15786 | A vulnerability has been identified in SIMATIC HMI Basic Panels 2nd Generation (incl. SIPLUS variant... | | |
CVE-2020-15787 | A vulnerability has been identified in SIMATIC HMI Unified Comfort Panels (All versions <= V16). Aff... | | |
CVE-2020-15788 | A vulnerability has been identified in Polarion Subversion Webclient (All versions). The Polarion su... | | |
CVE-2020-15789 | A vulnerability has been identified in Polarion Subversion Webclient (All versions). The web interfa... | | |
CVE-2020-15790 | A vulnerability has been identified in Spectrum Power 4 (All versions < V4.70 SP8). If configured in... | | |
CVE-2020-15791 | A vulnerability has been identified in SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLU... | | |
CVE-2020-15792 | A vulnerability has been identified in Desigo Insight (All versions). The web service does not prope... | | |
CVE-2020-15793 | A vulnerability has been identified in Desigo Insight (All versions). The device does not properly s... | | |
CVE-2020-15794 | A vulnerability has been identified in Desigo Insight (All versions). Some error messages in the web... | | |
CVE-2020-15795 | A vulnerability has been identified in APOGEE PXC Compact (BACnet) (All versions < V3.5.5), APOGEE P... | | |
CVE-2020-15796 | A vulnerability has been identified in SIMATIC ET 200SP Open Controller (incl. SIPLUS variants) (V20... | | |
CVE-2020-15797 | A vulnerability has been identified in DCA Vantage Analyzer (All versions < V4.5 are affected by CVE... | | |
CVE-2020-15798 | A vulnerability has been identified in SIMATIC HMI Comfort Panels (incl. SIPLUS variants) (All versi... | S | |
CVE-2020-15799 | A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All... | | |
CVE-2020-15800 | A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All... | | |
CVE-2020-15801 | In Python 3.8.4, sys.path restrictions specified in a python38._pth file are ignored, allowing code ... | S | |
CVE-2020-15802 | Devices supporting Bluetooth before 5.1 may allow man-in-the-middle attacks, aka BLURtooth. Cross Tr... | | |
CVE-2020-15803 | Zabbix before 3.0.32rc1, 4.x before 4.0.22rc1, 4.1.x through 4.4.x before 4.4.10rc1, and 5.x before ... | S | |
CVE-2020-15806 | CODESYS Control runtime system before 3.5.16.10 allows Uncontrolled Memory Allocation.... | E M | |
CVE-2020-15807 | GNU LibreDWG before 0.11 allows NULL pointer dereferences via crafted input files.... | E | |
CVE-2020-15809 | spxmanage on certain SpinetiX devices allows requests that access unintended resources because of SS... | | |
CVE-2020-15810 | An issue was discovered in Squid before 4.13 and 5.x before 5.0.4. Due to incorrect data validation,... | M | |
CVE-2020-15811 | An issue was discovered in Squid before 4.13 and 5.x before 5.0.4. Due to incorrect data validation,... | S | |
CVE-2020-15813 | Graylog before 3.3.3 lacks SSL Certificate Validation for LDAP servers. It allows use of an external... | | |
CVE-2020-15816 | In Western Digital WD Discovery before 4.0.251.0, a malicious application running with standard user... | | |
CVE-2020-15817 | In JetBrains YouTrack before 2020.1.1331, an external user could execute commands against arbitrary ... | | |
CVE-2020-15818 | In JetBrains YouTrack before 2020.2.8527, the subtasks workflow could disclose issue existence.... | | |
CVE-2020-15819 | JetBrains YouTrack before 2020.2.10643 was vulnerable to SSRF that allowed scanning internal ports.... | | |
CVE-2020-15820 | In JetBrains YouTrack before 2020.2.6881, the markdown parser could disclose hidden file existence.... | | |
CVE-2020-15821 | In JetBrains YouTrack before 2020.2.6881, a user without permission is able to create an article dra... | | |
CVE-2020-15822 | In JetBrains YouTrack before 2020.2.10514, SSRF is possible because URL filtering can be escaped.... | | |
CVE-2020-15823 | JetBrains YouTrack before 2020.2.8873 is vulnerable to SSRF in the Workflow component.... | | |
CVE-2020-15824 | In JetBrains Kotlin from 1.4-M1 to 1.4-RC (as Kotlin 1.3.7x is not affected by the issue. Fixed vers... | S | |
CVE-2020-15825 | In JetBrains TeamCity before 2020.1, users with the Modify Group permission can elevate other users'... | | |
CVE-2020-15826 | In JetBrains TeamCity before 2020.1, users are able to assign more permissions than they have.... | | |
CVE-2020-15827 | In JetBrains ToolBox version 1.17 before 1.17.6856, the set of signature verifications omitted the j... | | |
CVE-2020-15828 | In JetBrains TeamCity before 2020.1.1, project parameter values can be retrieved by a user without a... | | |
CVE-2020-15829 | In JetBrains TeamCity before 2019.2.3, password parameters could be disclosed via build logs.... | | |
CVE-2020-15830 | JetBrains TeamCity before 2019.2.3 is vulnerable to stored XSS in the administration UI.... | | |
CVE-2020-15831 | JetBrains TeamCity before 2019.2.3 is vulnerable to reflected XSS in the administration UI.... | | |
CVE-2020-15832 | An issue was discovered on Mofi Network MOFI4500-4GXeLTE 4.1.5-std devices. The poof.cgi script cont... | S | |
CVE-2020-15833 | An issue was discovered on Mofi Network MOFI4500-4GXeLTE 4.1.5-std devices. The Dropbear SSH daemon ... | S | |
CVE-2020-15834 | An issue was discovered on Mofi Network MOFI4500-4GXeLTE 4.1.5-std devices. The wireless network pas... | S | |
CVE-2020-15835 | An issue was discovered on Mofi Network MOFI4500-4GXeLTE 4.1.5-std devices. The authentication funct... | S | |
CVE-2020-15836 | An issue was discovered on Mofi Network MOFI4500-4GXeLTE 4.1.5-std devices. The authentication funct... | S | |
CVE-2020-15838 | The Agent Update System in ConnectWise Automate before 2020.8 allows Privilege Escalation because th... | | |
CVE-2020-15839 | Liferay Portal before 7.3.3, and Liferay DXP 7.1 before fix pack 18 and 7.2 before fix pack 6, does ... | | |
CVE-2020-15840 | In Liferay Portal before 7.3.1, Liferay Portal 6.2 EE, and Liferay DXP 7.2, DXP 7.1 and DXP 7.0, the... | | |
CVE-2020-15841 | Liferay Portal before 7.3.0, and Liferay DXP 7.0 before fix pack 89, 7.1 before fix pack 17, and 7.2... | S | |
CVE-2020-15842 | Liferay Portal before 7.3.0, and Liferay DXP 7.0 before fix pack 90, 7.1 before fix pack 17, and 7.2... | | |
CVE-2020-15843 | ActFax Version 7.10 Build 0335 (2020-05-25) is susceptible to a privilege escalation vulnerability d... | E | |
CVE-2020-15849 | Re:Desk 2.3 has a blind authenticated SQL injection vulnerability in the SettingsController class, i... | E | |
CVE-2020-15850 | Insecure permissions in Nakivo Backup & Replication Director version 9.4.0.r43656 on Linux allow loc... | E | |
CVE-2020-15851 | Lack of access control in Nakivo Backup & Replication Transporter version 9.4.0.r43656 allows remote... | E | |
CVE-2020-15852 | An issue was discovered in the Linux kernel 5.5 through 5.7.9, as used in Xen through 4.13.x for x86... | S | |
CVE-2020-15853 | supybot-fedora implements the command 'refresh', that refreshes the cache of all users from FAS. Thi... | | |
CVE-2020-15855 | Two cross-site scripting vulnerabilities were fixed in Bodhi 5.6.1.... | | |
CVE-2020-15858 | Some devices of Thales DIS (formerly Gemalto, formerly Cinterion) allow Directory Traversal by physi... | | |
CVE-2020-15859 | QEMU 4.2.0 has a use-after-free in hw/net/e1000e_core.c because a guest OS user can trigger an e1000... | E S | |
CVE-2020-15860 | Parallels Remote Application Server (RAS) 17.1.1 has a Business Logic Error causing remote code exec... | E | |
CVE-2020-15861 | Net-SNMP through 5.7.3 allows Escalation of Privileges because of UNIX symbolic link (symlink) follo... | S | |
CVE-2020-15862 | Net-SNMP through 5.8 has Improper Privilege Management because SNMP WRITE access to the EXTEND MIB p... | S | |
CVE-2020-15863 | hw/net/xgmac.c in the XGMAC Ethernet controller in QEMU before 07-20-2020 has a buffer overflow. Thi... | S | |
CVE-2020-15864 | An issue was discovered in Quali CloudShell 9.3. An XSS vulnerability in the login page allows an at... | E | |
CVE-2020-15865 | A Remote Code Execution vulnerability in Stimulsoft (aka Stimulsoft Reports) 2013.1.1600.0 allows an... | E | |
CVE-2020-15866 | mruby through 2.1.2-rc has a heap-based buffer overflow in the mrb_yield_with_class function in vm.c... | E | |
CVE-2020-15867 | The git hook feature in Gogs 0.5.5 through 0.12.2 allows for authenticated remote code execution. Th... | E | |
CVE-2020-15868 | Sonatype Nexus Repository Manager OSS/Pro before 3.26.0 has Incorrect Access Control.... | | |
CVE-2020-15869 | Sonatype Nexus Repository Manager OSS/Pro versions before 3.25.1 allow XSS (issue 1 of 2).... | S | |
CVE-2020-15870 | Sonatype Nexus Repository Manager OSS/Pro versions before 3.25.1 allow XSS (Issue 2 of 2).... | S | |
CVE-2020-15871 | Sonatype Nexus Repository Manager OSS/Pro version before 3.25.1 allows Remote Code Execution.... | S | |
CVE-2020-15873 | In LibreNMS before 1.65.1, an authenticated attacker can achieve SQL Injection via the customoid.inc... | E S | |
CVE-2020-15877 | An issue was discovered in LibreNMS before 1.65.1. It has insufficient access control for normal use... | E S | |
CVE-2020-15879 | Bitwarden Server 1.35.1 allows SSRF because it does not consider certain IPv6 addresses (ones beginn... | | |
CVE-2020-15881 | A Cross-Site Scripting (XSS) vulnerability in the munki_facts (aka Munki Conditions) module before 1... | | |
CVE-2020-15882 | A CSRF issue in manager/delete_machine/{id} in MunkiReport before 5.6.3 allows attackers to delete a... | | |
CVE-2020-15883 | A Cross-Site Scripting (XSS) vulnerability in the managedinstalls module before 2.6 for MunkiReport ... | | |
CVE-2020-15884 | A SQL injection vulnerability in TableQuery.php in MunkiReport before 5.6.3 allows attackers to exec... | | |
CVE-2020-15885 | A Cross-Site Scripting (XSS) vulnerability in the comment module before 4.0 for MunkiReport allows r... | | |
CVE-2020-15886 | A SQL injection vulnerability in reportdata_controller.php in the reportdata module before 3.5 for M... | | |
CVE-2020-15887 | A SQL injection vulnerability in softwareupdate_controller.php in the Software Update module before ... | | |
CVE-2020-15888 | Lua through 5.4.0 mishandles the interaction between stack resizes and garbage collection, leading t... | E S | |
CVE-2020-15889 | Lua 5.4.0 has a getobjname heap-based buffer over-read because youngcollection in lgc.c uses markold... | E S | |
CVE-2020-15890 | LuaJit through 2.1.0-beta3 has an out-of-bounds read because __gc handler frame traversal is mishand... | E | |
CVE-2020-15892 | An issue was discovered in apply.cgi on D-Link DAP-1520 devices before 1.10b04Beta02. Whenever a use... | E S | |
CVE-2020-15893 | An issue was discovered on D-Link DIR-816L devices 2.x before 1.10b04Beta02. Universal Plug and Play... | E S | |
CVE-2020-15894 | An issue was discovered on D-Link DIR-816L devices 2.x before 1.10b04Beta02. There exists an exposed... | S | |
CVE-2020-15895 | An XSS issue was discovered on D-Link DIR-816L devices 2.x before 1.10b04Beta02. In the file webinc/... | E S | |
CVE-2020-15896 | An authentication-bypass issue was discovered on D-Link DAP-1522 devices 1.4x before 1.10b04Beta02. ... | S | |
CVE-2020-15897 | Arista EOS before 4.21.12M, 4.22.x before 4.22.7M, 4.23.x before 4.23.5M, and 4.24.x before 4.24.2F ... | E | |
CVE-2020-15898 | In Arista EOS malformed packets can be incorrectly forwarded across VLAN boundaries in one direction... | E | |
CVE-2020-15899 | Grin 3.0.0 before 4.0.0 has insufficient validation of data related to Mimblewimble.... | E S | |
CVE-2020-15900 | A memory corruption issue was found in Artifex Ghostscript 9.50 and 9.52. Use of a non-standard Post... | S | |
CVE-2020-15901 | In Nagios XI before 5.7.3, ajaxhelper.php allows remote authenticated attackers to execute arbitrary... | | |
CVE-2020-15902 | Graph Explorer in Nagios XI before 5.7.2 allows XSS via the link url option.... | | |
CVE-2020-15903 | An issue was found in Nagios XI before 5.7.3. There is a privilege escalation vulnerability in backe... | | |
CVE-2020-15904 | A buffer overflow in the patching routine of bsdiff4 before 1.2.0 allows an attacker to write to hea... | S | |
CVE-2020-15906 | tiki-login.php in Tiki before 21.2 sets the admin password to a blank value after 50 invalid login a... | E S | |
CVE-2020-15907 | In Mahara 19.04 before 19.04.6, 19.10 before 19.10.4, and 20.04 before 20.04.1, certain places could... | S | |
CVE-2020-15908 | tar/TarFileReader.cpp in Cauldron cbang (aka C-Bang or C!) before 1.6.0 allows Directory Traversal d... | S | |
CVE-2020-15909 | SolarWinds N-central through 2020.1 allows session hijacking and requires user interaction or physic... | E | |
CVE-2020-15910 | SolarWinds N-Central version 12.3 GA and lower does not set the JSESSIONID attribute to HTTPOnly. Th... | | |
CVE-2020-15912 | Tesla Model 3 vehicles allow attackers to open a door by leveraging access to a legitimate key card,... | E | |
CVE-2020-15914 | A cross-site scripting (XSS) vulnerability exists in the Origin Client for Mac and PC 10.5.86 or ear... | | |
CVE-2020-15916 | goform/AdvSetLanip endpoint on Tenda AC15 AC1900 15.03.05.19 devices allows remote attackers to exec... | E | |
CVE-2020-15917 | common/session.c in Claws Mail before 3.17.6 has a protocol violation because suffix data after STAR... | | |
CVE-2020-15918 | Multiple Stored Cross Site Scripting (XSS) vulnerabilities were discovered in Mida eFramework throug... | E | |
CVE-2020-15919 | A Reflected Cross Site Scripting (XSS) vulnerability was discovered in Mida eFramework through 2.9.0... | E | |
CVE-2020-15920 | There is an OS Command Injection in Mida eFramework through 2.9.0 that allows an attacker to achieve... | E | |
CVE-2020-15921 | Mida eFramework through 2.9.0 has a back door that permits a change of the administrative password a... | E | |
CVE-2020-15922 | There is an OS Command Injection in Mida eFramework 2.9.0 that allows an attacker to achieve Remote ... | E | |
CVE-2020-15923 | Mida eFramework through 2.9.0 allows unauthenticated ../ directory traversal.... | E | |
CVE-2020-15924 | There is a SQL Injection in Mida eFramework through 2.9.0 that leads to Information Disclosure. No a... | E | |
CVE-2020-15925 | A SQL injection vulnerability at a tpf URI in Loway QueueMetrics before 19.10.21 allows remote authe... | | |
CVE-2020-15926 | Rocket.Chat through 3.4.2 allows XSS where an attacker can send a specially crafted message to a cha... | E S | |
CVE-2020-15927 | Zoho ManageEngine Applications Manager version 14740 and prior allows an authenticated SQL Injection... | | |
CVE-2020-15928 | In Ortus TestBox 2.4.0 through 4.1.0, unvalidated query string parameters to test-browser/index.cfm ... | | |
CVE-2020-15929 | In Ortus TestBox 2.4.0 through 4.1.0, unvalidated query string parameters passed to system/runners/H... | E | |
CVE-2020-15930 | An XSS issue in Joplin desktop 1.0.190 to 1.0.245 allows arbitrary code execution via a malicious HT... | E | |
CVE-2020-15931 | Netwrix Account Lockout Examiner before 5.1 allows remote attackers to capture the Net-NTLMv1/v2 aut... | | |
CVE-2020-15932 | Overwolf before 0.149.2.30 mishandles Symbolic Links during updates, causing elevation of privileges... | | |
CVE-2020-15933 | An exposure of sensitive information to an unauthorized actor in Fortinet FortiMail versions 6.0.9 an... | S | |
CVE-2020-15934 | An execution with unnecessary privileges vulnerability in the VCM engine of FortiClient for Linux ve... | S | |
CVE-2020-15935 | A cleartext storage of sensitive information in GUI in FortiADC versions 5.4.3 and below, 6.0.0 and ... | | |
CVE-2020-15936 | An improper input validation in Fortinet FortiGate version 6.4.3 and below, version 6.2.5 and below, ... | | |
CVE-2020-15937 | An improper neutralization of input vulnerability in FortiGate version 6.2.x below 6.2.5 and 6.4.x b... | | |
CVE-2020-15938 | When traffic other than HTTP/S (eg: SSH traffic, etc...) traverses the FortiGate in version below 6.... | | |
CVE-2020-15939 | An improper access control vulnerability (CWE-284) in FortiSandbox versions 3.2.1 and below and 3.1.... | | |
CVE-2020-15940 | An improper neutralization of input vulnerability [CWE-79] in FortiClientEMS versions 6.4.1 and belo... | | |
CVE-2020-15941 | A path traversal vulnerability [CWE-22] in FortiClientEMS versions 6.4.1 and below; 6.2.8 and below ... | | |
CVE-2020-15942 | An information disclosure vulnerability in Web Vulnerability Scan profile of Fortinet's FortiWeb ver... | | |
CVE-2020-15943 | An issue was discovered in the Gantt-Chart module before 5.5.4 for Jira. Due to a missing privilege ... | E | |
CVE-2020-15944 | An issue was discovered in the Gantt-Chart module before 5.5.5 for Jira. Due to missing validation o... | E | |
CVE-2020-15945 | Lua 5.4.0 (fixed in 5.4.1) has a segmentation fault in changedline in ldebug.c (e.g., when called by... | E S | |
CVE-2020-15947 | A SQL injection vulnerability in the qm_adm/qm_export_stats_run.do endpoint of Loway QueueMetrics be... | | |
CVE-2020-15948 | eGain Chat 15.5.5 allows XSS via the Name (aka full_name) field.... | E | |
CVE-2020-15949 | Immuta v2.8.2 is affected by one instance of insecure permissions that can lead to user account take... | E | |
CVE-2020-15950 | Immuta v2.8.2 is affected by improper session management: user sessions are not revoked upon logout.... | E | |
CVE-2020-15951 | Immuta v2.8.2 accepts user-supplied project names without properly sanitizing the input, allowing at... | E | |
CVE-2020-15952 | Immuta v2.8.2 is affected by stored XSS that allows a low-privileged user to escalate privileges to ... | E | |
CVE-2020-15953 | LibEtPan through 1.9.4, as used in MailCore 2 through 0.6.3 and other products, has a STARTTLS buffe... | E S | |
CVE-2020-15954 | KDE KMail 19.12.3 (aka 5.13.3) engages in unencrypted POP3 communication during times when the UI in... | | |
CVE-2020-15955 | In s/qmail through 4.0.07, an active MitM can inject arbitrary plaintext commands into a STARTTLS en... | S | |
CVE-2020-15956 | ActiveMediaServer.exe in ACTi NVR3 Standard Server 3.0.12.42 allows remote unauthenticated attackers... | E | |
CVE-2020-15957 | An issue was discovered in DP3T-Backend-SDK before 1.1.1 for Decentralised Privacy-Preserving Proxim... | S | |
CVE-2020-15958 | An issue was discovered in 1CRM System through 8.6.7. An insecure direct object reference to interna... | E | |
CVE-2020-15959 | Insufficient policy enforcement in networking in Google Chrome prior to 85.0.4183.102 allowed an att... | | |
CVE-2020-15960 | Heap buffer overflow in storage in Google Chrome prior to 85.0.4183.121 allowed a remote attacker to... | E S | |
CVE-2020-15961 | Insufficient policy validation in extensions in Google Chrome prior to 85.0.4183.121 allowed an atta... | E S | |
CVE-2020-15962 | Insufficient policy validation in serial in Google Chrome prior to 85.0.4183.121 allowed a remote at... | E S | |
CVE-2020-15963 | Insufficient policy enforcement in extensions in Google Chrome prior to 85.0.4183.121 allowed an att... | E S | |
CVE-2020-15964 | Insufficient data validation in media in Google Chrome prior to 85.0.4183.121 allowed a remote attac... | E | |
CVE-2020-15965 | Type confusion in V8 in Google Chrome prior to 85.0.4183.121 allowed a remote attacker to potentiall... | | |
CVE-2020-15966 | Insufficient policy enforcement in extensions in Google Chrome prior to 85.0.4183.121 allowed an att... | E S | |
CVE-2020-15967 | Use after free in payments in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to poten... | | |
CVE-2020-15968 | Use after free in Blink in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentia... | | |
CVE-2020-15969 | Use after free in WebRTC in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potenti... | | |
CVE-2020-15970 | Use after free in NFC in Google Chrome prior to 86.0.4240.75 allowed a remote attacker who had compr... | | |
CVE-2020-15971 | Use after free in printing in Google Chrome prior to 86.0.4240.75 allowed a remote attacker who had ... | | |
CVE-2020-15972 | Use after free in audio in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentia... | | |
CVE-2020-15973 | Insufficient policy enforcement in extensions in Google Chrome prior to 86.0.4240.75 allowed an atta... | | |
CVE-2020-15974 | Integer overflow in Blink in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to bypass... | | |
CVE-2020-15975 | Integer overflow in SwiftShader in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to ... | | |
CVE-2020-15976 | Use after free in WebXR in Google Chrome on Android prior to 86.0.4240.75 allowed a remote attacker ... | | |
CVE-2020-15977 | Insufficient data validation in dialogs in Google Chrome on OS X prior to 86.0.4240.75 allowed a rem... | | |
CVE-2020-15978 | Insufficient data validation in navigation in Google Chrome on Android prior to 86.0.4240.75 allowed... | E | |
CVE-2020-15979 | Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240.75 allowed a remote attacker ... | E S | |
CVE-2020-15980 | Insufficient policy enforcement in Intents in Google Chrome on Android prior to 86.0.4240.75 allowed... | | |
CVE-2020-15981 | Out of bounds read in audio in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to obta... | | |
CVE-2020-15982 | Inappropriate implementation in cache in Google Chrome prior to 86.0.4240.75 allowed a remote attack... | | |
CVE-2020-15983 | Insufficient data validation in webUI in Google Chrome on ChromeOS prior to 86.0.4240.75 allowed a l... | | |
CVE-2020-15984 | Insufficient policy enforcement in Omnibox in Google Chrome on iOS prior to 86.0.4240.75 allowed a r... | | |
CVE-2020-15985 | Inappropriate implementation in Blink in Google Chrome prior to 86.0.4240.75 allowed a remote attack... | E S | |
CVE-2020-15986 | Integer overflow in media in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potent... | | |
CVE-2020-15987 | Use after free in WebRTC in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potenti... | | |
CVE-2020-15988 | Insufficient policy enforcement in downloads in Google Chrome on Windows prior to 86.0.4240.75 allow... | | |
CVE-2020-15989 | Uninitialized data in PDFium in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to obt... | S | |
CVE-2020-15990 | Use after free in autofill in Google Chrome prior to 86.0.4240.75 allowed a remote attacker who had ... | | |
CVE-2020-15991 | Use after free in password manager in Google Chrome prior to 86.0.4240.75 allowed a remote attacker ... | | |
CVE-2020-15992 | Insufficient policy enforcement in networking in Google Chrome prior to 86.0.4240.75 allowed a remot... | E S | |
CVE-2020-15993 | Use after free in printing in Google Chrome prior to 86.0.4240.99 allowed a remote attacker to poten... | | |
CVE-2020-15994 | Use after free in V8 in Google Chrome prior to 86.0.4240.99 allowed a remote attacker to potentially... | | |
CVE-2020-15995 | Out of bounds write in V8 in Google Chrome prior to 86.0.4240.99 allowed a remote attacker to potent... | | |
CVE-2020-15996 | Use after free in passwords in Google Chrome prior to 86.0.4240.99 allowed a remote attacker who had... | | |
CVE-2020-15997 | Use after free in Mojo in Google Chrome prior to 86.0.4240.99 allowed a remote attacker who had comp... | | |
CVE-2020-15998 | Use after free in USB in Google Chrome prior to 86.0.4240.99 allowed a remote attacker who had compr... | | |
CVE-2020-15999 | Heap buffer overflow in Freetype in Google Chrome prior to 86.0.4240.111 allowed a remote attacker t... | KEV E | |